Huawei Honor 6/Honor 6 Plus/Honor 7 up to 6.9.15 PXN Defense 7pk security
A vulnerability was found in Huawei Honor 6, Honor 6 Plus and Honor 7 up to 6.9.15. It has been rated as critical. Affected by this issue is some unknown functionality of the component PXN Defense. The manipulation leads to 7pk security features. Using CWE to declare the problem leads to CWE-254. The bug was discovered 10/26/2016. The weakness was released 04/02/2017 as sa-20161026-01 (Website). The advisory is available at huawei.com. This vulnerability is handled as CVE-2016-8768. An attack has to be approached locally. There are no technical details available. There is no exploit available. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment. This vulnerability is assigned to T1211 by the MITRE ATT&CK project. It is declared as not defined. The vulnerability was handled as a non-public zero-day exploit for at least 158 days. As 0-day the estimated underground price was around $5k-$25k. Upgrading to version 6.9.16 is able to address this issue. It is recommended to upgrade the affected component. A possible mitigation has been published even before and not after the disclosure of the vulnerability. The vulnerability is also documented other vulnerability databases: SecurityFocus (BID 93885).
Want to stay up to date on a daily basis?
Enable the mail alert feature now!